enterprise risk management (erm) practices...

International Journal of Academic Research in Business and Social Sciences

Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS

1232

Full Terms & Conditions of access and use can be found at

http://hrmars.com/index.php/pages/detail/publication-ethics

Enterprise Risk Management (ERM) Practices among Malaysian SMEs: The Three Steps Process to identify Adopters and Non-Adopters of ERM for SMEs

Khairul Afzan Aziz, Ahmad Shukri Yazid, Mohd Sadad Mahmod, Norfadzilah Rashid, Fauzilah Salleh, Puspa Liza Ghazali and Suraya Mahmood

To Link this Article: http://dx.doi.org/10.6007/IJARBSS/v8-i11/5165 DOI: 10.6007/IJARBSS/v8-i11/5165

Received: 28 Oct 2018, Revised: 21 Nov 2018, Accepted: 30 Nov 2018

Published Online: 03 Dec 2018

In-Text Citation: (Aziz et al., 2018) To Cite this Article: Aziz, K. A., Yazid, A. S., Mahmod, M. S., Rashid, N., Salleh, F., Ghazali, P. L., & Mahmood, S.

(2018). Enterprise Risk Management (ERM) Practices among Malaysian SMEs: The Three Steps Process to identify Adopters and Non-Adopters of ERM for SMEs. International Journal of Academic Research in Business and Social Sciences, 8(11), 1231–1245.

Copyright: © 2018 The Author(s)

Published by Human Resource Management Academic Research Society (www.hrmars.com) This article is published under the Creative Commons Attribution (CC BY 4.0) license. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this license may be seen at: http://creativecommons.org/licences/by/4.0/legalcode

Vol. 8, No. 11, 2018, Pg. 1231 - 1245

http://hrmars.com/index.php/pages/detail/IJARBSS JOURNAL HOMEPAGE

http://creativecommons.org/licences/by/4.0/legalcode



1233

Enterprise Risk Management (ERM) Practices among Malaysian SMEs: The Three Steps Process to identify

Adopters and Non-Adopters of ERM for SMEs

1Khairul Afzan Aziz, 2Ahmad Shukri Yazid, 3Mohd Sadad Mahmod, 4Norfadzilah Rashid, 4Fauzilah Salleh, 5Puspa Liza Ghazali and

6Suraya Mahmood 1Research Institute for Islamic Products &Civilisation (INSPIRE)

Universiti Sultan Zainal Abidin (Unisza), Gong Badak Campus, 21300 Kuala Nerus, Terengganu 2,3,4,5,6Faculty of Economics and Management Sciences, Universiti Sultan Zainal Abidin (Unisza),

Gong Badak Campus, 21300 Kuala Nerus, Terengganu Corresponding Author : [email protected]

Abstract According to the World Bank research involving SMEs from 104 developing countries has found that small firms have the largest shares of job creation, highest sales growth and employment growth compare to large firm. However, large firm is more productive. Similarly, SMEs in Malaysia also contribute significantly to the economic development especially in creating new job opportunities. SMEs involvements in business expose themselves to risks. Hence, SMEs need risk management. A review of current literature was focus to the adoption of ERM among large firm. However studies that have been conducted to examine ERM adoption among SME are still lacking. More important, the identification of adopters and non-adopters are based on the large firm’s ERM indicator such as Chief Risk Officer (CRO) or COSO (2004) whereas SMEs with difference characteristic need a suitable adopters and non-adopters identification process. Thus, the main objective of this paper is to propose a simple and systematic identification process of adopters and non-adapters of ERM for SMEs. Keywords: Enterprise Risk Management (ERM), ERM Adoption, Adopters, Non-adopters, ERM for SMEs, Malaysian SMEs. 1. Introduction Small and Medium Enterprises (SMEs) play a vital role in most countries especially developing countries. Base on the World Bank Enterprise Surveys (ES) database, a study of 49,370 firms in 104 countries revealed that SMEs have the largest shares of job creation, highest sales growth and employment growth compare to large firm (Ayyagari, Demirguc-Kunt, & Maksimovic, 2011).



1234

In Malaysia, SMEs accounting for 98.5 percent of total business or 907,065 establishments and account for 36.3 percent of the GDP, 65.5 percent of employment and 17.6 percent of export (SME Corporation Malaysia, 2016) According to SME Corp, SMEs in Malaysia are defined as:

i) Manufacturing sectors with annual sales turnover not exceeding RM 50 million or full-time of employees not exceeding 200 workers (previously less than 25 million annual sales turnover and less than 150 workers); and

ii) Services and other sectors with sales turnover not exceeding RM 20 million or full-time employees not exceeding 75 workers (previously less than 5 million annual sales turnover and less than 50 workers).

SMEs in Malaysia have low productivity compare to large firm (SME Corporation Malaysia, 2012) and SMEs in other developed countries. SMEs productivity per worker averaged RM 47,000 which is about one-third the productivity of large establishment. Likewise, SMEs in the United States and Singapore are seven and four times more productive respectively than Malaysian SMEs(SME Corporation Malaysia, 2012). Productivity issues are similar to most of SMEs in developing countries (Ayyagari et al., 2011). Low productivity is one of the symptom of SMEs failure or crisis (Ropega, 2011) and part of risk. In general SMEs face risks externally and internally. Externally, business is changing quickly and generating a great deal of uncertainty such as changing customer tastes, new product development and technology. Internally, SMEs face the risks such as human error, fraud, system failure, the disruption of production and so on (Dickinson, 2001). This environment forces firms, especially SMEs to be innovative and constantly review their processes and practices in order to keep survive (Bahri, St‐Pierre, et al., 2011). Therefore in order to manage risks, Enterprise Risk Management (ERM) could be a solution to SMEs. Given the size and managerial structure of SMEs, the process of establishing and using ERM is relatively simple given the close relationship between owners, managers and operators of the enterprise (Yolande Smit, 2012). The main objective of this paper is to propose a simple and systematic approach to identify adopters and non-adopters of ERM for SMEs in Malaysia using 3 step process derived from previous literature namely Application of Risk Management in Small Business (Alliance, 2005), Enterprise Wide Risk Components (Lam, 2014) and COSO (2004) ERM Framework. 2. Problem Statement In Malaysia, ERM practices still at early stages. Among current practices such as government initiative to introduce the Malaysian Code of Corporate Governance 2012 which is required the board of public listed company in Bursa Malaysia to identify principle risks and ensuring the implementation of appropriate internal control and mitigation measures (Securities Commission Malaysia, 2012). Despite of the regulation upon public listed company in Malaysia to implement risk management, the adoption rate is still relatively low compare to the other developed countries (Togok, 2016; Yazid, Hussin, & Daud, 2011a). Event related to risk has terrible effect on SMEs than in large firms (Kiew & Angeline, 2016). Risk management is a major issues for SME (Brustbauer, 2016). Although ERM is an effective proactive



1235

risk prevention tool for SMEs (Vadiveloo & Aguirre, 2013), the ERM practices among Malaysian SMEs are still questionable. For example there is a risk issues on fraud in business organization in Malaysia but they tend to put the matter a side (Shanmugam, Ali, Hassan, & Haat, 2012). Furthermore only small numbers of SMEs in Malaysia are expanding into larger establishment. SMEs are afraid of taking risk and facing uncertainties when they become large corporation (Salleh & Ibrahim, 2011). Besides growing in size, SMEs need to face the challenges such as vulnerability in financial market, political instability, raising cost of energy and frequent natural disaster that would directly affect the future direction and growth of SMEs. Therefore, ERM is crucial to be implemented by SMEs to reduce exposure to business loss (Kiew & Angeline, 2016). Hence, it is important to study ERM in the context of SMEs in order to understand the practice of ERM to encourage adoption of ERM among non-adopter and to extent the use of ERM at its full potential. Even though the study of ERM practices among SMEs is increasing recently, it is still limited (Amalina, Abdullah, Zakuan, Khayon, & Ariff, 2012; Ekwere, 2016; Razali & Tahir;, 2011). SMEs risk management has not received desired attention in the literatures (Gorzeń-Mitka, 2013; Yusuf & Dansu, 2013). Furthermore, the majority of studies examined SMEs in developed European Countries (Falkner & Hiebl, 2015) and still limited in Asian Region (Togok, 2016). Although a current research stated that 80% of respondents from 214 SMEs in Malaysia are clear about the importance of risk management to achieve organizational long term sustainability (Kiew & Angeline, 2016), there is still a need to study on the adoption of ERM among non-adopters and extension factors among adopters to ease the extent and future research of ERM practices among SMEs. However, the more critical issues are arise from the study on how to identify adopters and non-adopters for SMEs. Most of the researches were focused on large firm, public listed company and government linked company that capable to employ chief risk officer (CFO) and form a team of management to handle risk issues, whereas, SMEs with limited resources such as financial and human resources are unable to adopt ERM in the same indication are used. Therefore, reconsidering on how to identify ERM adoption for SMEs should be more practical. Therefore, this paper aim to purpose a simple and systematic process to identify and determine adopters and non-adopters to help the researcher to do research regarding the topic on ERM for SMEs with three simple step and systematic approach. Hence this study will fill the gap in literature. 3. Literature Review In the literature the name ERM is sometimes replaced by synonyms like Enterprise-Wide Risk Management, Holistic Risk Management, Integrated Risk Management and Strategic Risk Management. Enterprise Risk Management (ERM) has emerged as a new risk management technique aimed at managing the portfolio of risks facing an organization in an integrated, enterprise-wide manner. Unlike traditional risk management, where individual risk categories are managed from a silo-based perspective, ERM involves a holistic view of risks allowing business to take into account correlations across all risk classes(Monda & Giorgino, 2013) In general ERM is known as a systematically integrated and discipline approach in managing risks within organizations to ensure firms achieves their objective which is to maximize and create value



1236

for their stakeholder (Razali & Tahir, 2011).Many organizations are implementing ERM process to increase the effectiveness of their risk management activities, with the prime goal of increasing stakeholder value (Beasley, Clune, & Hermanson, 2005a) In SMEs context, according to Vadiveloo & Aguirre (2013)ERM is a form of micro risk management and a comprehensive approach addressing risk in all functional areas and also an effective proactive risk prevention tool for SMEs. Therefore for the purpose of this study, ERM for SMEs can be defined as; ERM for SMEs is a micro risk management consist of culture, capabilities and practices that use comprehensive approach in addressing and managing risks proactively in all functional areas within organization with the ultimate goals to maximize stakeholder value.

4. The Identification Process of Adopters and Non-adopters of ERM From the very beginning of this study, researcher has found difficulty to distinguish between adopters and non-adopters among SMEs especially in Malaysia. As mentioned by Hoyt, Moore, & Liebenberg (2008), a major obstacle to empirical research in ERM is the difficulty in identifying firms engaging in ERM. Moreover, most of the firm are either implemented a complete or partial ERM Framework (Abdul Rasid & Abdul Rahman, 2009). Lundqvist (2014) in the study of dimension used to determine ERM implementation in a firm have found that most of the available studies have used inconsistent dimension. Most of previous researchers identify and measure the ERM implementation using certain proxies such as chief risk officer or senior risk officer (Beasley, Clune, & Hermanson, 2005b; Hoyt et al., 2008; Lam, n.d.; Pagach & Warr, 2008; Yazid, Razali, & Hussin, 2011). Moreover, most of the studies done related to ERM were mainly US-based and scare to find research in Malaysia environment (Shanmugam et al., 2012). However, several research finding from Malaysia context on public listed companies (PLCs) (Togok, 2016; Wan Daud, Yazid, & Hussin, 2010) and Government-Linked Companies (GLCs) (Yazid, Hussin, & Daud, 2011b) also have shown that CRO is one of the indicator used to differentiate between adopters and non-adopters. However, using a CRO would identify too few firms as ERM adopters (Lundqvist, 2014). Hence, this research has purposed 3 steps process in order to identify the adopters or non-adopters of ERM among SMEs. See figure 1.2. First step - Preliminary Identification: SMEs need to answer ‘Yes’ or ‘No’ to show either they have adopted or have not adopted ERM. The instrument used as follow: Table 1.1: Survey Question represents Step 1 Identification of adopters and Non-adopters

Question Answer

Did you use Enterprise Risk Management in your company Yes No

However, (Beasley, Clune, & Hermanson, 2005c) purpose a range of ERM adoption level rather than just use ‘Yes’ or ‘No as an indicator for ERM adoption. Therefore, second step was proposed.



1237

Second step – Basic ERM implementation To support the first answer, the adopters need to state the level of ERM involvement or adoption in their business area including business planning, human resource management, outsourcing, sales of product and services, emergency plan, financial management, product and services development. All this area suggested in application of enterprise risk management in SMEs (Alliance, 2005). Table 1.2: Application of ERM in SMEs

Management Level Area Application of risk management

Strategy and planning Business continuity planning Business interruption procedures and strategies

Emergency planning Contingency planning Disaster planning and recovery Fire and life safety management

Business planning Business plan Strategic plan

Human resource management Training Culture Asset management Capital expenditure

Financial management Budgeting Cashflow management Asset management Capital expenditure

Outsourcing Intelectual property protection Contract management

Operations Product/service development Insurance Equipment management Environment management Resource allocation Housekeeping Emergency response Security Quality assurance Documentation Reporting Occupational health and safety Supply management Maintenance

Product/service delivery Project management Customer relationship management Post-sale service Guarantee management Occupational health and safety Hazard assessment/management Contract management Complaints management



1238

In addition, these area are important to be included in the questionnaire since the risks faced by companies are highly interdependent between financial risk and business risk, business risk and operational risk, and operational risk and financial risks (Lam, 2014). See figure 1.1

Figure 1.1: Enterprise-Wide Risks

Figure 1.1, shows enterprise-wide risks or enterprise risk management (ERM) is assumed practiced by SMEs by looking at this three major organizational area namely; business risk, finance risk and operational risk. The reason to use this second step as indicator of ERM adoption for SME as the finding by Lundqvist (2014) in his study that 73% out of 143 respondents from large firms have said that they use definition of ERM other than COSO. Only few companies can claim they have fully implemented ERM, as defined by COSO (Proviti Inc., 2006). COSO (2004) is widely used in developed countries, while Asia Pacific Region are more familiar with AS/NZS 4360,2004 as a guide to ERM practices. Moreover, Bursa Malaysia Guideline also only adapted three of eight components of effective ERM namely control activities, information and communication and monitoring (Togok, 2016). Using 11-point scales, the respondent need to agree at level 3 and above for at least three ERM activities involved in their businesses to be considered as adopters. Leung (2016) suggest that 11-point scale as it increase sensitivity and is closer to interval level of scaling and normality. Details of the instrument form are as followed: Please circle ONE answer only the level of agreement (0 – very disagree until 10 – very agree) for the statement below. Your company business activities as stated below have already used ERM. .



1239

Table 1.3: Basic ERM Adoption for SMEs

Business activities Level of agreement

Business Planning Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Human Resource Management Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Outsourcing Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Sales of products and services Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Emergency planning Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Financial management Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Products and services development Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Other, please state:_______________ Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Third step – Global ERM Framework Practices Third step is to strengthen the second step; the adopters need to answer the ERM question based on COSO (2004) framework. As mention before, COSO is more practiced in developed country since regulation on ERM are much more matured and advanced as compared to less developed countries (Togok, 2016). Since, Malaysia aims to be developed country; step 3 can give better measure to what extent ERM are fully practiced by SMEs. This framework defines eight components of ERM such as internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring (Chandra Shekhar & Warrier, 2004). Also by using 11 –point scale, the respondent need to agree at level 3 and above for at least three COSO (2004) components involved in their businesses. Some components is sufficient to represent the existence of COSO in the implementation of ERM among SMEs (Kiew Heong Angeline & Saw Teng, 2016). Details of the instrument as mentioned below: Please circle ONE answer only the level of agreement (0 – very disagree until 10 – very agree) for the given statement. Your company has already implemented ERM for the following activities as stated below.



1240

Table 1.4: Question base on Global ERM Framework COSO (2004)

Question Level of agreement

1) Objective Setting

Has aligned its business risks with its corporate-level and business-unit-level goals and objectives

Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Has established explicit, corporate-wide risk tolerance levels or limits for all major risk categories


Has clearly communicated its expectations for risk-taking to senior managers


2) Internal Environment

Has communicated a risk management mission statement, value proposition, and benefits statement to senior managers


Has incorporated responsibility for risk management into the position description of all managers


Board of directors or committee of the board is actively involved in the risk management process.


3) Information and Communication

Has a corporate-wide common language for communicating risk-type exposures, control activities, and monitoring efforts


Has regular briefs to the board and executive committee on risk management issues


4) Event Identification

Has established a comprehensive business risk inventory of the risks you expect your managers to manage 2.


Its business units utilize facilitated self-assessment and/or survey techniques to map risks


5) Risk Response

Conducts formal risk assessment across the company on a regular basis




1241

Its business units analyze the root cause, impact, and interrelationships of its risks


Has quantified its key risk to the best extent possible Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Has a process to integrate the effects of the major risk types (strategic, operational, financial, hazard, and legal)


Its business units develop and determine risk mitigation strategies


6) Monitoring

Has established written risk policy and procedure manuals that are consistent across major risks


Its business units monitor and report on current status of managing key risks


Its business units monitor and report on current status of managing key risks


7) Risk Assessment

Risks were analysed by taking consider likelihood and risk impact as a basis to decide on how to manage the risk


Risk assessment of financial aspect has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Risk assessment of regulation compliance aspect has been done


Risk assessment of technology aspect has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Risk assessment of economical aspect has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Risk assessment of goodwill has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10



1242

8) Control Activities

Policies and procedures were established and implemented to make sure an efficient risk response has been done


Control on sales aspect has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Control on emergency planning has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Control on routine check on control effectiveness has been done


Control on task segregation has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Control on authority to approve has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Control on document and record has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10

Control on the implementation process of ERM has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10



1243

All these steps will then use to conclude either the respondents are adopters or non-adopters. Moreover it can help researcher to understand the level of adoption.

Figure 1.2: the process to identify adopters and non-adopters for SMEs

5. Conclusions Previous literatures discussed ERM and SMEs but yet there is a lack of study being proposed especially regarding ERM practices among SMEs in the Malaysian context. From the review of literature, the identification process of ERM adaptors and non-adopter will help researcher to have simple and systematic approach to develop more research on ERM and SMEs topic in the future. This study is very significant in enhancing understanding of ERM adoptions among SMEs in general and specifically in Malaysia. References Abdul Rasid, S. Z., & Abdul Rahman, A. R. (2009). Management Accounting and Risk Management

Practices in Financial Institutions. Jurnal Teknologi, 51, 89–110. Alliance, G. R. (2005). Risk management guide for small business. Amalina, N., Abdullah, M., Zakuan, N., Khayon, M., & Ariff, M. S. (2012). Adoption of Enterprise Risk

Management Practices in Organization : A Review. International Journal Business & Information Technology, 2(1), 1–9. Retrieved from http://excelingtech.co.uk/

Ayyagari, M., Demirguc-Kunt, A., & Maksimovic, V. (2011). Small vs . Young Firms across the World Contribution to Employment , Job Creation , and Growth.

Beasley, M. S., Clune, R., & Hermanson, D. R. (2005a). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting & Public Policy, 24(6), 521–531. Retrieved from

Step 1: Adoption base on Yes or No answer (preliminary identification)

Step 2: Adoption base on minimum 3 risk management practices with degree of agreement at level 3 of 11 - point scale within organization activities.

(Consider as basic ERM implementation base on Lam (2014) and Alliance (2005)

Step 3: Adoption base on minimum 3 of COSO's ERM component practiced with degree of agreement at level 3 0f 11- point scale.

(Global ERM Framework base on COSO (2004) ERM framework)



1244

10.1016/j.jaccpubpol.2005.10.001%5Cnhttp://libaccess.mcmaster.ca.libaccess.lib.mcmaster.ca/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=19185873&site=ehost-live&scope=site

Beasley, M. S., Clune, R., & Hermanson, D. R. (2005b). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 24(6), 521–531. https://doi.org/10.1016/j.jaccpubpol.2005.10.001

Beasley, M. S., Clune, R., & Hermanson, D. R. (2005c). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 24(6), 521–531. https://doi.org/10.1016/j.jaccpubpol.2005.10.001

Brustbauer, J. (2016). Enterprise risk management in SMEs : Towards a structural model, (X). https://doi.org/10.1177/0266242614542853

Chandra Shekhar, P., & Warrier, S. R. (2004). Enterprise Risk Management - From the boardroom to shop floor. Domain Competency Group of Infosys Ltd. Retrieved from www.infosys.com

Dickinson, G. (2001). Enterprise Risk Management : Its Origins and Conceptual Foundation. The Geneva Papers on Risk and Insurance, 26(3), 360–366. https://doi.org/10.1111/1468-0440.00121

Ekwere, N. (2016). Framework of Effective Risk Management in Small and Medium Enterprises ( SMEs ): A Literature Review, 20, 23–46.

Falkner, E. M., & Hiebl, M. R. W. (2015). Risk management in SMEs : a systematic review of available evidence. https://doi.org/10.1108/JRF-06-2014-0079

Gorzeń-Mitka, I. (2013). Risk Identification Tools -- Polish Msmes Companies Practices. Problems of Management in the 21st Century, 7, 6–11. Retrieved from http://ra.ocls.ca/ra/login.aspx?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=89641545&site=bsi-live

Hoyt, R. E., Moore, D. L., & Liebenberg, A. P. (2008). The Value of Enterprise Risk Management : Evidence from the U . S . Insurance Industry. Unpublished Paper, 1–22.

Kiew Heong Angeline, Y., & Saw Teng, Y. (2016). Enterprise Risk Management: Evidence from Small-Medium Enterprises, (March), 151–170.

Lam, J. (n.d.). management The ERM Guide from AFP. Lam, J. (2014). Enterprise Risk Management: From Incentives to Controls; Second Edition. Wiley, 2,

1–476. Leung, S. (2016). A Comparison of Psychometric Properties and Normality in 4- , 5- , 6- , and 11-

Point Likert Scales A Comparison of Psychometric Properties and Normality in, 8376(January). https://doi.org/10.1080/01488376.2011.580697

Lundqvist, S. a. (2014). An exploratory study of enterprise risk management : Pillars of ERM. Journal of Accounting, Auditing, and Finance, 29(3), 393–429. https://doi.org/10.1177/0148558X14535780

Malaysia, S. C. (2012). Malaysian Code on Corporate Governance 2012, 1–43. Malaysia, S. C. (2012). Summary SME Masterplan 2012-2020. SME Corporation Malaysia. Kuala

Lumpur. Retrieved from http://medcontent.metapress.com/index/A65RM03P4874243N.pdf Malaysia, S. C. (2016). SME Annual Report 2015/16. Monda, B., & Giorgino, M. (2013). An ERM Maturity Model. Professional Risk Managers’



1245

International Association, Society of Actuaries, 32, 1–23. Pagach, D., & Warr, R. (2008). The Characteristics of Firms that Hire Chief Risk Officers The

Characteristics of Firms that Hire Chief Risk Officers. Proviti Inc. (2006). Guide to Enterprise Risk Management : Frequently Asked Questions, 145. Razali, A. R., & Tahir;, L. M. (2011). Review of the Literature on Enterprise Risk Management.

Business Management Dynamics, 1(5), 08-16. Razali, A. R., & Tahir, L. M. (2011). Review of the Literature on Enterprise Risk Management.

Business Management Dynamics, 1(5), 08-16. Ropega, J. (2011). The Reasons and Symptoms of Failure in SME. International Advances in

Economic Research, 17(4), 476–483. https://doi.org/10.1007/s11294-011-9316-1 Salleh, F., & Ibrahim, M. D. (2011). Demographic Characteristics Differences of Risk Taking

Propensity among Micro and Small Business Owners in Malaysia. International Journal of Business and Social Science, 2(January), 149–153.

Shanmugam, J. K., Ali, A., Hassan, M., & Haat, C. (2012). Internal Control , Risk Management and Fraud Prevention Measures on Smes : Reliability and Validity of Research Instrument. International Conference on Business and Economic Research, (March), 475–494.

Togok, S. (2016). Factors Influencing The Effectiveness of Enterprise Risk Management (ERM) in Public Listed Companies. Universiti Malaya.

Vadiveloo, J., & Aguirre, M. (2013). Enterprise Risk Management – Small & Medium Sized Enterprises. In 2013 International Acturial Conference (pp. 1–31). Medellin, Colombia: Towers Watson.

Wan Daud, W. N., Yazid, A. S., & Hussin, H. M. R. (2010). The Effect Of Chief Risk Officer (CRO) On Enterprise Risk Management (ERM) Practices: Evidence From Malaysia. International Business & Economic Research Journal, 9(11), 55–64.

Yazid, A. S., Hussin, M. R., & Daud, W. N. W. (2011a). An Examination of Enterprise Risk Management (ERM) Practices among the Government-Linked Companies (GLCs) in Malaysia. International Business Research, 4(4), 94–103. https://doi.org/10.5539/ibr.v4n4p94

Yazid, A. S., Hussin, M. R., & Daud, W. N. W. (2011b). An Examination of Enterprise Risk Management (ERM) Practices among the Government-Linked Companies (GLCs) in Malaysia. International Business Research, 4(4), 94–103. https://doi.org/10.5539/ibr.v4n4p94

Yazid, A. S., Razali, A. R., & Hussin, M. R. (2011). Determinants of Enterprise Risk Management (ERM): A Proposed Framework for Malaysian Public Listed Companies. International Business Research, 5(1), 80–86. https://doi.org/10.5539/ibr.v5n1p80

Yolande Smit. (2012). A literature review of small and medium enterprises (SME) risk management practices in South Africa. African Journal of Business Management, 6(21), 6324–6330. https://doi.org/10.5897/AJBM11.2709

Yusuf, T. O., & Dansu, F. S. (2013). SMEs, Business Risks and Sustainability in Nigeria. European Journal of Business and Social Sciences, 2(9), 76–94. Retrieved from http://www.ejbss.com/Data/Sites/1/vol2no9december2013/ejbss-1312-13-smes,businessrisksandsustainabilityinnigeria.pdf

enterprise risk management (erm) practices...

Documents